On 22 June 2016 at 13:18, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> This patch covers transactions using the flat syntax representation, eg.
>
> add table x
> add chain x y { type filter hook forward priority 0; }
> add chain x y { policy drop; }
>
> This also covers things like:
>
> add element x whitelist { 1.1.1.1 }
> delete element x whitelist { 1.1.1.1 }
>
> The one above may look silly from a human behaviour point of view, but
> silly robots may very well behave like this.
>
> These tests require several kernel patches though in order to pass
> successfully.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
I reviewed most of the testscases and they seem fine to me,
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Side note:
if you execute some of them without the kernel patches (so they fail),
a segfault happens in nft (I guess related to cache handling).
W: [FAILED] ./testcases/transactions/0037set_0: expected 0 but got 139
./testcases/transactions/0037set_0: line 19: 15139 Segmentation fault
$NFT -f $tmpfile
W: [FAILED] ./testcases/transactions/0038set_0: expected 0 but got 139
./testcases/transactions/0038set_0: line 21: 15151 Segmentation fault
$NFT -f $tmpfile
W: [FAILED] ./testcases/transactions/0039set_0: expected 0 but got 139
./testcases/transactions/0039set_0: line 21: 15163 Segmentation fault
$NFT -f $tmpfile
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
